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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

• If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mafling date of this communication. 

• Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Off tee later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1)S Responsive to communication(s) filed on 06/29/01. 04/01/02.& 04/10/03 . 
2a)D This action is FINAL. 2b)M This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) M Claim(s) 1-39 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) |3 Claim(s) 1-39 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)Q accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 
Priority under 35 U.S.C. §§119 and 120 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 

a)E]AII b)D Some*c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

13) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 1 19(e) (to a provisional application) 

since a specific reference was included in the first sentence of the specification or in an Application Data Sheet. 
37 CFR 1.78. 

a) □ The translation of the foreign language provisional application has been received. 

14) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121 since a specific 

reference was included in the first sentence of the specification or in an Application Data Sheet. 37 CFR 1.78. 



Attachment(s) 

1 ) H Notice of References Cited (PT0892) 4) □ Interview Summary (PTO-41 3) Paper No(s). 

2) O Notice of Draftsperson's Patent Drawing Review (PTO-948) 5) □ Notice of Informal Patent Application (PTO-1 52) 

3) H Information Disclosure Statement(s) (PTO-1 449) Paper No(s) ±5. 6) □ Other: 
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DETAILED ACTION 

1 . This action is in response to the application filed 06/29/01 . 

2. Claims 1-39 have been examined. 



Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 
U.S.C. 102 that form the basis for the rejections under this section made in this 
Office action: 

(e) the invention was described in (1) an application for patent, published under section 
122(b), by another filed in the United States before the invention by the applicant for patent or 
(2) a patent granted on an application for patent by another filed in the United States before 
the invention by the applicant for patent, except that an international application filed under 
the treaty defined in section 351 (a) shall have the effects for purposes of this subsection of an 
application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

4. Claims 1 ,10,1 1,13 -18 & 37 are rejected under 35 U.S.C. 102(e) 
as being anticipated by Crossbie et al US 2002/0083343 Al. 

Regarding claim 1, a system comprising: operating system providing at 
least one routine capable of being invoked, and said operating system operable 
to collect audit data for invoked operating system routines (Col.4- section 0063); 
data storage having collected audit data stored thereto in a first format and 
software code executable by at least one processor to receive said collected 
audit data and generate output comprising at least a portion of said collected 
audit data in a desired for-mat defined by a template, wherein said desired format 
is different than said first format (Col.4: section 0065). 

Regarding claim 10, the system of claim 1 wherein said template 
comprises at least one conditional element (Crossbie, 7: [0354,355], see race 
condition). 

Regarding claim 1 1 , the system of claim 10 wherein said at least one 
conditional element dictates that said output is to have a particular format if a 
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condition is satisfied otherwise said output is to have a different format 
(Crossbie, 4: [0065], see rare condition). 

Regarding claim 13, the system of claim 1 wherein said operating system 
comprises a kernel-level audit device driver for collecting said audit data 
(Crossbie, [0065]). 

Regarding claim 14, the product version of the system in claim 1, see 
rationale as previously discussed above. 

Regarding claim 15, the computer program product of claim 14 wherein 
said audit data is collected by an operating system (Crossbie, [0063]). 

Regarding claim 16, the computer program product of claim 14 wherein 
said at least one routine includes at least one invoked operating system routine 
(Crossbie, [0063], see template and syslog). 

Regarding claim 17, the computer program product of claim 16 wherein 
said at least one invoked operating system routine is invoked by an application 
via system call (Crossbie, [0063], see template and syslog). 

Regarding claim 18, the computer program product of claim 16 wherein 
said at least one invoked operating system routine is invoked via user command 
(Crossbie, [0089), see user control and GUI). 

Regarding claim 37, the software version of the system in claim 1, see 
rationale as previously discussed above. 

Claim Rejections - 35 (JSC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis 
for all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 102 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

6. Claims 2 - 9,19 - 36, 38 & 39 are rejected under 35 U.S.C. 103(a) as 
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being unpatentable over Crossbie et al. US 2002/0083343 AJ as applied in claim 
1 , in view of Drake et al. USPN 6,347,374. 

Regarding claim 2, Crossbie discloses all the claimed limitations as 
applied in claim 1 . Crossbie doesn't explicitly disclose wherein said template 
comprises at least one constant element. However Drake does disclose this in a 
similar configuration (FIG 1 . Audit File 18, Collector 26, and Destination Dir 46, 
for output, also see 12.-53-55, for raw event). Therefore it would have been 
obvious to one of ordinary skill in the art at the time the invention was made to 
combine Crossbie and Drake because, using constant elements (raw events) 
during audit data collection makes events and elements for collecting information 
and data reusable. 

Regarding claim 3, Crossbie discloses all the claimed limitations as 
applied in claim 2. Crossbie doesn't explicitly disclose wherein said at least one 
constant element is included verbatim in sad output. However Drake does 
disclose this in a similar configuration (FIG 1 . Audit File 1 8, Collector 26, and 
Destination Dir 46, for output, also see 12:53-55, for raw event). Therefore it 
would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine Crossbie and Drake because, using constant 
elements (raw events) during audit data collection makes events and elements 
for collecting information and data reusable. 

Regarding claim 4, Crossbie discloses all the claimed limitations as 
applied in claim 1 . Crossbie doesn't explicitly disclose wherein said template 
comprises at least one variable element. However Drake does disclose this in a 
similar configuration (Drake Col. 6:20-65, see integer, string data types for 
variable). Therefore it would have been obvious to one of ordinary skill in the art 
at the time the invention was made to combine Crossbie and Drake because, 
using variable elements during audit data collection makes events and elements 
for collecting more customizable and flexible. 

Regarding claim 5, Crossbie discloses all the claimed limitations as 
applied in claim 4 above. Crossbie doesn't explicitly disclose wherein said at 
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least one variable element identifies a particular portion of the collected audit 
data to be included in said output. However Drake does disclose this in a 
similar configuration (FIG. 1 , see item #, 26 and 38 for collected audits and 
destination for output). Therefore, it would have been obvious to one of ordinary 
skill in the art at the time the invention was made to combine Crossbie and 
Drake because, using variable elements during audit data collection makes 
events and elements for collecting more customizable and flexible. 

Regarding claim 6, see claim 5 for reasoning (for location as claimed see 
destination). 

Regarding claim 7, the system of claim 1 wherein said collected audit data 
comprises a record for each invocation of an operating system routine that is 
included within said collected audit data, and wherein each record includes at 
least one type of audit information relating to execution of an invoked operating 
system routine (Drake, Col.9-20-3-5). 

Regarding claim 8, the system of claim 7 wherein said at least one type of 
audit information includes at least one type selected from the group consisting 
of: user identification, group identification, supplementary group identification, 
process identification, event identification, event count, event type, date, 
time, thread identification, system call, capabilities used, object, and 
result (Crossbie, 7, section [0140], see event of specific types). 

Regarding claim 19, the product version of the system in claim 3, see 
rationale as previously discussed above. 

Regarding claim 20, the product version of the system in claim 4, see 
rationale as previously discussed above. 

Regarding claim 21, the product version of the system in claim 7, see 
rationale as previously discussed above. 

Regarding claim 22, the product version of the system in claim 8, see 
rationale as previously discussed above. 

Regarding claim 23, the computer program product of claim 22 wherein 
said audit data comprises multiple ones of said record, further comprising code 
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executable to sort at least a portion of the multiple records based on at least one 
of said types of audit information (Crossbie, section [021 1]). 

Regarding claim 24, the product version of the system in claim 9, see 
rationale as previously discussed above. 

Regarding claim 25, the product version of the system in claim 10, see 
rationale as previously discussed above. 

Regarding claim 26, the method version of the system in claim 4, see 
rationale as previously discussed above. 

Regarding claim 27, the method version of the product in claim 4, see 
rationale as previously discussed above. 

Regarding claim 28, the method of claim 26 further comprising the step of 
creating, by a user, said audit transformation template (Crossbie, [0065]). 

Regarding claim 29, the method version of the system in claim 3, see 
rationale as previously discussed above. 

Regarding claim 30, the method version of the system in claim 4, see 
rationale as previously discussed above. 

Regarding claim 31, the method version of the system in claim 5, see 
rationale as previously discussed above. 

Regarding claim 32, the method version of the system in claim 8, see 
rationale as previously discussed above. 

Regarding claim 33, the method of claim 26 further comprising the step of: 
presenting said output to a user (Crossbie, [0209]). 

Regarding claim 34, the method version of the system in claim 5, see 
rationale as previously discussed above. 

Regarding claim 35,the method of claim 26 further comprising the step of 
inputting said output to an application for processing by said application 
(Crossbie, [0120-0124]). 

Regarding claim 36, the method of claim 26 further comprising the step of: 
sorting said collected audit data based at least in part on at least one type of 
audit information included therein (Crossbie, [0211]). 
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Regarding claim 38, the software version of the system in claim 5, see 
rationale as previously discussed above. 

Regarding claim 39, the library of claim 37 wherein said function 
executable to access collected audit data, said function executable to access a 
template, and said function executable to generate output are included within a 
common function (Crossbie, [0104]). 

Regarding claim 9, see reasoning in claim 4. 

Claim 12 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Crossbie et al. US 0083343 Al as applied in claim 1 , in view of Drake et al. 
USPN 6,347,374 and further in view of Maloney et al. USPN 6,253,337 Bl. 

Regarding claim 12, Crossbie as modified by Drake discloses all the 
claimed limitations as applied in claim 1 above also refer to portions of Crossbie, 
17: [0518] for comma separated list, and [0166] for ASCII text). The modification 
of Crossbie and Drake doesn't expressly disclose wherein said template defines 
a format of a markup language. However, Maloney does disclose this feature in a 
similar configuration. Therefore, it would have been obvious to one of ordinary 
skill in the art at the time the invention was made to combine Crossbie as 
modified by Drake with Maloney to implement the instant claimed invention 
because, use of the HTML format would made the system more distributed and 
internet compatible. 

Correspondence Information 

7. Any inquires concerning this communication or earlier 
communications from the examiner should be directed to Chuck O. 
Kendall who may be reached via telephone at (703) 308-6608. 
The examiner can normally be reached Monday through Friday 
between 8:00 A.M. and 5:00 P.M. est. 
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If attempts to reach the examiner by telephone are 
unsuccessful, the examiner's supervisor, Tuan Dam can be reached at 
(703) 305-4552. 

Any inquiry of a general nature or relating to the status of this 
application or proceeding should be directed to the Group 
receptionist whose telephone number is (703) 305-3900. 

For facsimile (fax) send to 703-7467239 official and 703- 
7467240 draft 

Software Engineer Patent Examiner 
United States Department of 
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